Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] Updating SSL keystore


On Mon, Feb 6, 2017 at 7:57 AM, Travis Spencer <travislspencer@xxxxxxxxx> wrote:
> This looks *very* useful and just what we need to avoid downtime when keys
> are rolled. What about ciphers,

Ciphers are part of the crypto material you reload with #918.

> port, listening address,

This requires to shutdown the server socket, which means that clients
won't be able to connect and that the server would need to wait for
existing clients to finish to use their connections.
This is much more difficult to obtain and would require some form of
global locking that we are not keen to introduce.
It is typically best achieved with a load balancer in front of Jetty
and a Jetty restart.

> min/max threads,

These are already modifiable on-the-fly via JMX.

> etc.? We allow all of these to be changed, and automatically restart our
> embedded Jetty instance when they are. So, it doesn't require admins to
> manually restart the sever, but it does cause momentary downtime. Can the
> feature in #918 be generalized to solve this need as well?

It cannot be "generalized" because each component has a different
lifecycle and impact on what the server does.
Typically, Jetty is already as dynamic as possible; if you have a
specific use case, by all means file an issue and we can discuss it.

Simone Bordet
Developer advice, training, services and support
from the Jetty & CometD experts.

Back to the top